6. Add a Trusted Certificate
Digital certificates are electronic documents that verify the identity of a computer or a user. By default, a server running Windows SBS 2011 creates self-signed certificates for the intranet websites it hosts and for its domain controller functions. Self-signed certificates are sufficient for internal functions because users on the network can trust the authority of their local server.
When a client computer first uses one of these internal functions, it automatically applies for and receives a certificate from the server, a process called autoenrollment. The process is invisible to the users on the network, but they can open the Certificates snap-in on their computers and look at the certificates they have received.
However, Internet users are not logged on to the AD DS domain, so they cannot obtain certificates using autoenrollment. When a remote user on the Internet connects to a Windows SBS 2011 resource on your network, such as the RWW website, the browser displays an error message, as shown in Figure 8. This message appears because the web server has generated its own certificate, and on the Internet, a computer that verifies its own identity is not trustworthy.
For users who are aware of this situation, clicking the Continue to this website (not recommended) link presents no danger, but to eliminate the error message, the server must have a certificate issued by a third party that both the clients and the server trust. The third party is typically a commercial CA that is in the business of confirming the identities of clients and issuing certificates attesting to that identity.
Note:
MORE INFO: You can also eliminate the error message by deploying your server’s self-signed certificate on the remote computer.
The Getting Started Tasks page provides an Add A Trusted Certificate Wizard that simplifies the process of enrolling for and installing a third-party certificate. To run the wizard, use the following procedure:
Log on to your Windows SBS 2011 primary server, using an account with network Administrator privileges. The Windows SBS Console window appears.
On the Home page of the Windows SBS Console, click Add a trusted certificate. The Add A Trusted Certificate Wizard appears, displaying the Before You Begin page.
Click Next. The Get The Certificate page appears.
Select the I want to buy a certificate from a certificate provider option and click Next. The Verify The Information For Your Trusted Certificate page appears, containing the name of your remote site and the company and address information you supplied during the Windows SBS 2011 installation.
Modify the company and address information, if necessary, and click Next. The Generate A Certificate Request page appears.
Note:
If your domain name registrar can also supply certificates, the wizard displays a link to its site. However, you can use any provider you want to obtain your certificate.
Click Copy to copy the certificate request to the clipboard or click Save to file to save the request as a file on your local drive.
Click Next. The A Request Is In Progress page appears.
Open the website of the certificate provider that you want to use and submit your request by pasting the contents of the Clipboard into the appropriate form or uploading the request file that you saved. After you pay a fee and supply the correct information, the provider issues a certificate, either as text you can copy to the Clipboard or as a file you can download.
Return to the Add A Trusted Certificate Wizard, make sure that the I have a certificate from my certificate provider option is selected, and click Next. The Import The Trusted Certificate page appears.
In the Trusted certificate box, either paste the text that you copied from the certificate provider’s site or click Browse to select the file that you downloaded, and then click Next. The Trusted Certificate Is Imported Successfully page appears.
Click Finish. The wizard closes.
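After the wizard closes, you can confirm from PowerShell which certificates the server now holds and who issued them. The following script is an added example, not part of the original text; it assumes the imported certificate is in the local computer's Personal store (Cert:\LocalMachine\My), and both the function name Test-ServerCertificate and the host name remote.example.com are placeholders.

```powershell
# Added example, not from the original text. Run on the server in an elevated
# PowerShell session. $RemoteName is a placeholder for your remote site name.
$RemoteName = 'remote.example.com'

function Test-ServerCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$ExpectedName
    )

    # Collect the subject's simple name plus any Subject Alternative Names.
    # Wildcard names are listed as-is and are not expanded by this check.
    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $names = @($Certificate.GetNameInfo($simple, $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @($san.Format($false) -split ',\s*' |
            ForEach-Object { ($_ -split '=')[-1].Trim() })
    }

    # Build the chain against this server's own trust stores. A chain that
    # builds here only shows that this server trusts the issuer; remote
    # clients decide with their own root stores, so compare ChainRoot with
    # the certificate provider you bought from.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $builds = $chain.Build($Certificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        SelfSigned    = ($Certificate.Subject -eq $Certificate.Issuer)
        ChainRoot     = $root.Subject
        ChainBuilds   = $builds
        ChainProblems = (@($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        NotAfter      = $Certificate.NotAfter
        NameMatches   = ($names -contains $ExpectedName)
    }
}

# Inspect every certificate with a private key in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-ServerCertificate -Certificate $_ -ExpectedName $RemoteName } |
    Format-List Subject, Issuer, SelfSigned, ChainRoot, ChainBuilds, ChainProblems, NotAfter, NameMatches
```

A certificate whose ChainRoot is your commercial provider, whose NameMatches is True, and whose NotAfter is in the future is the one remote browsers should accept without the warning.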
4.2.7. Configure Server Backup
The Getting started tasks list contains a link to the Configure Server Backup Wizard, which you can also access from the Backup And Server Storage page of the Windows SBS Console.
4.2.8. Adding Users and Computers
To connect workstations to your network, you must create user accounts and join the computers to your AD DS domain. The Add A New User Account Wizard in the Getting started tasks list is also accessible from the Users And Groups page in the Windows SBS Console.